[BUGS] [root: seaholm security check output]

jonathan michaels jlm at caamora.com.au
Wed Jan 23 18:41:04 EST 2008


On Sat, Jan 19, 2008 at 09:25:32PM +1100, Jerahmy Pocott wrote:
> 
> On 19/01/2008, at 10:00 AM, Andy Farkas wrote:
> 
> > On 1/19/08, jonathan michaels <jlm at caamora.com.au> wrote:
> >>
> >>> proc: table is full
> >>> proc: table is full
> >>> proc: table is full
> >>
> >
> > Hi Jonathan,
> >
> > No disrespect intended, but you should try to increase your web
> > searching skills..
> >
> > When I typed "FreeBSD proc: table is full" into google, the following
> > results popped up on the first page:
> >
> > <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-kernel-limits.html>
> > <http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/troubleshoot.html>
> 
> But if this is an old machine, suddenly saying the process table is  
> full, and nothing has been changed on it, it would suggest something  
> else is wrong, rather than just not having the sysctl value tuned high  
> enough..
> 
> What processes are running? What does this box do?

not much actually, domain primary mail server/mx host then
after that all the usual, as installed 1997, stuff.

i have noticed a significant increase in the incoming smtp
load, the /var/log/maillog is increasing in size, it started on
the 20th jan 2008, and it has been increasing slowly since
then. the day that the proc table full happened the maillog
file was about 2x the usual size (140k)

well this is better than i could explain

216 -rw-rw-r--  1 root  bin  207794 Jan 23 08:23 /var/log/maillog

136 -rw-rw-r--  1 root  bin  127998 Jan 23 02:00 /var/log/maillog.0.gz
136 -rw-rw-r--  1 root  bin  125682 Jan 22 02:00 /var/log/maillog.1.gz
112 -rw-rw-r--  1 root  bin  105917 Jan 21 02:00 /var/log/maillog.2.gz
 83 -rw-rw-r--  1 root  bin   84152 Jan 20 02:00 /var/log/maillog.3.gz
152 -rw-rw-r--  1 root  bin  145811 Jan 19 02:00 /var/log/maillog.4.gz
 87 -rw-rw-r--  1 root  bin   88983 Jan 18 02:00 /var/log/maillog.5.gz
 86 -rw-rw-r--  1 root  bin   87156 Jan 17 02:00 /var/log/maillog.6.gz
 88 -rw-rw-r--  1 root  bin   90066 Jan 16 02:00 /var/log/maillog.7.gz

i would say that the sendmail load is slowly climbing, yes ?

> It seems very unlikely to me that there is a legitimate reason for it  
> to suddenly do this.. But need to know more about what it's supposed  
> to do..

there seems to be an increase in these type of log entries

Jan 23 03:06:27 m0MG6L119176: forward /var/spool/uucppublic/.forward.seaholm+: World writable directory
Jan 23 03:06:27 m0MG6L119176: forward /var/spool/uucppublic/.forward+: World writable directory
Jan 23 03:06:27 m0MG6L119176: forward /var/spool/uucppublic/.forward.seaholm: World writable directory
Jan 23 03:06:27 m0MG6L119176: forward /var/spool/uucppublic/.forward: World writable directory
Jan 23 03:06:27 m0MG6L119176: to=<uucp at caamora.com.au>, delay=00:00:04, xdelay=00:00:00, mailer=local, pri=30077, dsn=2.0.0, stat=Sent

Jan 23 03:07:18 m0MF7I118977: timeout waiting for input from rrcs-71-43-104-161.se.biz.rr.com during server cmd read
Jan 23 03:07:18 m0MF7I118977: lost input channel from rrcs-71-43-104-161.se.biz.rr.com [71.43.104.161] to MTA after mail
Jan 23 03:07:18 m0MF7I118977: from=<cadaversuu at commissionville.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=rrcs-71-43-104-161.se.biz.rr.com [71.43.104.161]

Jan 23 03:15:52 sendmail[19172]: NOQUEUE: pooladsl-b-15-132.ipcom.comunitel.net [212.145.238.132] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 23 03:16:05 sendmail[19174]: NOQUEUE: dsl.dynamic851001276.ttnet.net.tr [85.100.12.76] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

i have trimmed the hostnames, it is just the mx hosts id
anyway.

the uucp ones started about 2 or three years ago and have
remained constant as regards the rate, though it cycles over
the year. i do not know how to handle the other two, i am
hoping that setting up a "stuttering" smtp proxy will deal with
those as well as the rest of the spammer generated almost "real
mta" initiated mail/smtp connections.

exim is about the only 'simple' one stop solution to this sort
of preventative measure most of the others require some sort of
additional package that has its own config and stuff to "learn"
i am trying to keep it as simple to set up as possible. qmail
is just not a possibility but postfix one of the possibilities,
if it does this "stuttering" stuff ? otherwise it is
sendmail+spamd (i think that is what it is called) if that
oldie is still current in this broad new world ??

well thats all for now me thinks, ihope its speld'd well (i
hope)

note: if anyone can work out how to get framework II/III
to work on freebsd (any bsd even linux for that matter) then i
will have a spelling checker that clears up 98 percent or
better of my unique spellingerisms .. framework II/III is a
brilliant pc dos based office package i still have my diskettes
and licence stuff i have tried and failed many many times over
to the experts. the source of the failures belongs to a
proprietary memory access method for extended/expanded memory,
stuff beyond the 1024 kb point .. the machine just locks up
solid !! 

on that note, thanks for listening

regards/appreciations .. most gracious

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
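
An added example, not part of the original message: a small maillog triage script that tallies the three kinds of aborted SMTP session quoted above (no command issued, lost input channel, read timeout) per client and per hour, which shows whether a few hosts or a broad spread of them account for the growing sendmail load. The sample lines are constructed with documentation addresses and assume the trimmed format used in the post (no syslog hostname field).

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation addresses), in the trimmed
# format quoted in the post: the syslog hostname field is absent.
SAMPLE = """\
Jan 23 03:06:27 m0MG6L119176: to=<uucp at example.org>, delay=00:00:04, mailer=local, dsn=2.0.0, stat=Sent
Jan 23 03:07:18 m0MF7I118977: timeout waiting for input from bot1.example.net during server cmd read
Jan 23 03:07:18 m0MF7I118977: lost input channel from bot1.example.net [192.0.2.10] to MTA after mail
Jan 23 03:15:52 sendmail[19172]: NOQUEUE: bot2.example.net [192.0.2.20] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 23 03:16:05 sendmail[19174]: NOQUEUE: bot1.example.net [192.0.2.10] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 23 04:01:40 sendmail[19301]: NOQUEUE: bot2.example.net [192.0.2.20] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# Captures "Mon DD HH" so events can be bucketed by hour.
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d ")
EVENTS = [
    ("no_command", re.compile(r"NOQUEUE: (\S+) \[([\d.]+)\].* did not issue MAIL/EXPN/VRFY/ETRN")),
    ("lost_channel", re.compile(r"lost input channel from (\S+) \[([\d.]+)\]")),
    ("timeout", re.compile(r"timeout waiting for input from (\S+) during")),
]

def summarize(text):
    """Return (per_client, per_hour) counts of aborted-session log events."""
    host_ip, hits, per_hour = {}, [], Counter()
    for line in text.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue
        for kind, rx in EVENTS:
            m = rx.search(line)
            if not m:
                continue
            if rx.groups == 2:           # line carries both host and IP
                host_ip[m.group(1)] = m.group(2)
            hits.append((kind, m.group(1)))
            per_hour[stamp.group(1)] += 1
            break
    # Timeout lines name only the host; key them by IP when another
    # line for the same host supplied one, otherwise by host name.
    per_client = defaultdict(Counter)
    for kind, host in hits:
        per_client[host_ip.get(host, host)][kind] += 1
    return per_client, per_hour

if __name__ == "__main__":
    clients, hours = summarize(SAMPLE)
    for client, kinds in sorted(clients.items(), key=lambda kv: -sum(kv[1].values())):
        print(client, dict(kinds))
    print(dict(hours))
```

To run it against a real log, pass the contents of /var/log/maillog to summarize() in place of SAMPLE; the hostname-free patterns still match because they search within each line.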

